Definitive global law guides offering comparative analysis from top-ranked lawyers
INTRODUCTION | 5 |
Contributed by Christian Schröder and Odey Hardan, Orrick | 5 |
AUSTRALIA | 9 |
Law and Practice | 9 |
Contributed by Nyman Gibson Miralis | 9 |
Trends and Developments | 30 |
Contributed by Nyman Gibson Miralis | 30 |
BELGIUM | 40 |
Law and Practice | 40 |
Contributed by Alston & Bird LLP | 40 |
Trends and Developments | 54 |
Contributed by Loyens & Loeff | 54 |
BRAZIL | 62 |
Trends and Developments | 62 |
Contributed by Machado Meyer | 62 |
CHILE | 72 |
Law and Practice | 72 |
Contributed by Magliona Abogados | 72 |
HUNGARY | 92 |
Law and Practice | 92 |
Contributed by PROVARIS Varga & Partners | 92 |
Trends and Developments | 115 |
Contributed by PROVARIS Varga & Partners | 115 |
INDIA | 122 |
Trends and Developments | 122 |
Contributed by JSA | 122 |
ITALY | 128 |
Law and Practice | 128 |
Contributed by ICT Legal Consulting | 128 |
Trends and Developments | 159 |
Contributed by ICT Legal Consulting | 159 |
JAPAN | 164 |
Law and Practice | 164 |
Contributed by Mori Hamada & Matsumoto | 164 |
Trends and Developments | 175 |
Contributed by Nagashima Ohno & Tsunematsu | 175 |
MEXICO | 184 |
Law and Practice | 184 |
Contributed by Nader Hayaux & Goebel | 184 |
PORTUGAL | 198 |
Law and Practice | 198 |
Contributed by Abreu Advogados | 198 |
Trends and Developments | 216 |
Contributed by Abreu Advogados | 216 |
SINGAPORE | 223 |
Law and Practice | 223 |
Contributed by Drew & Napier LLC | 223 |
Trends and Developments | 245 |
Contributed by CMS | 245 |
SWEDEN | 253 |
Law and Practice | 253 |
Contributed by Mannheimer Swartling | 253 |
Trends and Developments | 267 |
Contributed by Mannheimer Swartling | 267 |
SWITZERLAND | 273 |
Law and Practice | 273 |
Contributed by Walder Wyss Ltd | 273 |
Trends and Developments | 287 |
Contributed by Walder Wyss Ltd | 287 |
TÜRKIYE | 294 |
Law and Practice | 294 |
Contributed by YAZICIOGLU Legal | 294 |
UK | 319 |
Law and Practice | 319 |
Contributed by Sidley Austin LLP | 319 |
Trends and Developments | 337 |
Contributed by Sidley Austin LLP | 337 |
USA | 344 |
Law and Practice | 344 |
Contributed by Freshfields | 344 |
Trends and Developments | 359 |
Contributed by Freshfields | 359 |
1. General Overview of Laws and Regulators | 11 |
1.1 Cybersecurity Regulation Strategy | 11 |
1.2 Cybersecurity Laws | 11 |
1.3 Cybersecurity Regulators | 13 |
2. Critical Infrastructure Cybersecurity | 17 |
2.1 Scope of Critical Infrastructure Cybersecurity Regulation | 17 |
2.2 Critical Infrastructure Cybersecurity Requirements | 18 |
2.3 Incident Response and Notification Obligations | 18 |
2.4 State Responsibilities and Obligations | 20 |
3. Financial Sector Operational Resilience Regulation | 21 |
3.1 Scope of Financial Sector Operational Resilience Regulation | 21 |
3.2 ICT Service Provider Contractual Requirements | 21 |
3.3 Key Operational Resilience Obligations | 22 |
3.4 Operational Resilience Enforcement | 23 |
3.5 International Data Transfers | 23 |
3.6 Threat-Led Penetration Testing | 25 |
4. Cyber-Resilience | 25 |
4.1 Cyber-Resilience Legislation | 25 |
4.2 Key Obligations Under Legislation | 26 |
5. Security Certification for ICT Products, Services and Processes | 26 |
5.1 Key Cybersecurity Certification Legislation | 26 |
6. Cybersecurity in Other Regulations | 27 |
6.1 Cybersecurity and Data Protection | 27 |
6.2 Cybersecurity and AI | 28 |
6.3 Cybersecurity in the Healthcare Sector | 28 |
1. General Overview of Laws and Regulators | 42 |
1.1 Cybersecurity Regulation Strategy | 42 |
1.2 Cybersecurity Laws | 42 |
1.3 Cybersecurity Regulators | 43 |
2. Critical Infrastructure Cybersecurity | 45 |
2.1 Scope of Critical Infrastructure Cybersecurity Regulation | 45 |
2.2 Critical Infrastructure Cybersecurity Requirements | 45 |
2.3 Incident Response and Notification Obligations | 46 |
2.4 State Responsibilities and Obligations | 47 |
3. Financial Sector Operational Resilience Regulation | 47 |
3.1 Scope of Financial Sector Operational Resilience Regulation | 47 |
3.2 ICT Service Provider Contractual Requirements | 47 |
3.3 Key Operational Resilience Obligations | 48 |
3.4 Operational Resilience Enforcement | 49 |
3.5 International Data Transfers | 49 |
3.6 Threat-Led Penetration Testing | 49 |
4. Cyber-Resilience | 50 |
4.1 Cyber-Resilience Legislation | 50 |
4.2 Key Obligations Under Legislation | 50 |
5. Security Certification for ICT Products, Services and Processes | 51 |
5.1 Key Cybersecurity Certification Legislation | 51 |
6. Cybersecurity in Other Regulations | 52 |
6.1 Cybersecurity and Data Protection | 52 |
6.2 Cybersecurity and AI | 52 |
6.3 Cybersecurity in the Healthcare Sector | 52 |
1. General Overview of Laws and Regulators | 74 |
1.1 Cybersecurity Regulation Strategy | 74 |
1.2 Cybersecurity Laws | 75 |
1.3 Cybersecurity Regulators | 77 |
2. Critical Infrastructure Cybersecurity | 78 |
2.1 Scope of Critical Infrastructure Cybersecurity Regulation | 78 |
2.2 Critical Infrastructure Cybersecurity Requirements | 80 |
2.3 Incident Response and Notification Obligations | 81 |
2.4 State Responsibilities and Obligations | 83 |
3. Financial Sector Operational Resilience Regulation | 83 |
3.1 Scope of Financial Sector Operational Resilience Regulation | 83 |
3.2 ICT Service Provider Contractual Requirements | 84 |
3.3 Key Operational Resilience Obligations | 85 |
3.4 Operational Resilience Enforcement | 86 |
3.5 International Data Transfers | 87 |
3.6 Threat-Led Penetration Testing | 87 |
4. Cyber-Resilience | 87 |
4.1 Cyber-Resilience Legislation | 87 |
4.2 Key Obligations Under Legislation | 88 |
5. Security Certification for ICT Products, Services and Processes | 88 |
5.1 Key Cybersecurity Certification Legislation | 88 |
6. Cybersecurity in Other Regulations | 88 |
6.1 Cybersecurity and Data Protection | 88 |
6.2 Cybersecurity and AI | 90 |
6.3 Cybersecurity in the Healthcare Sector | 91 |
1. General Overview of Laws and Regulators | 94 |
1.1 Cybersecurity Regulation Strategy | 94 |
1.2 Cybersecurity Laws | 96 |
1.3 Cybersecurity Regulators | 99 |
2. Critical Infrastructure Cybersecurity | 102 |
2.1 Scope of Critical Infrastructure Cybersecurity Regulation | 102 |
2.2 Critical Infrastructure Cybersecurity Requirements | 102 |
2.3 Incident Response and Notification Obligations | 105 |
2.4 State Responsibilities and Obligations | 106 |
3. Financial Sector Operational Resilience Regulation | 109 |
3.1 Scope of Financial Sector Operational Resilience Regulation | 109 |
3.2 ICT Service Provider Contractual Requirements | 109 |
3.3 Key Operational Resilience Obligations | 110 |
3.4 Operational Resilience Enforcement | 110 |
3.5 International Data Transfers | 111 |
3.6 Threat-Led Penetration Testing | 112 |
4. Cyber-Resilience | 112 |
4.1 Cyber-Resilience Legislation | 112 |
4.2 Key Obligations Under Legislation | 112 |
5. Security Certification for ICT Products, Services and Processes | 112 |
5.1 Key Cybersecurity Certification Legislation | 112 |
6. Cybersecurity in Other Regulations | 113 |
6.1 Cybersecurity and Data Protection | 113 |
6.2 Cybersecurity and AI | 113 |
6.3 Cybersecurity in the Healthcare Sector | 114 |
1. General Overview of Laws and Regulators | 131 |
1.1 Cybersecurity Regulation Strategy | 131 |
1.2 Cybersecurity Laws | 131 |
1.3 Cybersecurity Regulators | 132 |
2. Critical Infrastructure Cybersecurity | 134 |
2.1 Scope of Critical Infrastructure Cybersecurity Regulation | 134 |
2.2 Critical Infrastructure Cybersecurity Requirements | 136 |
2.3 Incident Response and Notification Obligations | 138 |
2.4 State Responsibilities and Obligations | 140 |
3. Financial Sector Operational Resilience Regulation | 141 |
3.1 Scope of Financial Sector Operational Resilience Regulation | 141 |
3.2 ICT Service Provider Contractual Requirements | 142 |
3.3 Key Operational Resilience Obligations | 144 |
3.4 Operational Resilience Enforcement | 146 |
3.5 International Data Transfers | 148 |
3.6 Threat-Led Penetration Testing | 150 |
4. Cyber-Resilience | 151 |
4.1 Cyber-Resilience Legislation | 151 |
4.2 Key Obligations Under Legislation | 152 |
5. Security Certification for ICT Products, Services and Processes | 154 |
5.1 Key Cybersecurity Certification Legislation | 154 |
6. Cybersecurity in Other Regulations | 156 |
6.1 Cybersecurity and Data Protection | 156 |
6.2 Cybersecurity and AI | 157 |
6.3 Cybersecurity in the Healthcare Sector | 157 |
1. General Overview of Laws and Regulators | 167 |
1.1 Cybersecurity Regulation Strategy | 167 |
1.2 Cybersecurity Laws | 167 |
1.3 Cybersecurity Regulators | 169 |
2. Critical Infrastructure Cybersecurity | 169 |
2.1 Scope of Critical Infrastructure Cybersecurity Regulation | 169 |
2.2 Critical Infrastructure Cybersecurity Requirements | 170 |
2.3 Incident Response and Notification Obligations | 170 |
2.4 State Responsibilities and Obligations | 172 |
3. Financial Sector Operational Resilience Regulation | 172 |
3.1 Scope of Financial Sector Operational Resilience Regulation | 172 |
3.2 ICT Service Provider Contractual Requirements | 172 |
3.3 Key Operational Resilience Obligations | 173 |
3.4 Operational Resilience Enforcement | 173 |
3.5 International Data Transfers | 173 |
3.6 Threat-Led Penetration Testing | 174 |
4. Cyber-Resilience | 174 |
4.1 Cyber-Resilience Legislation | 174 |
4.2 Key Obligations Under Legislation | 174 |
5. Security Certification for ICT Products, Services and Processes | 174 |
5.1 Key Cybersecurity Certification Legislation | 174 |
6. Cybersecurity in Other Regulations | 174 |
6.1 Cybersecurity and Data Protection | 174 |
6.2 Cybersecurity and AI | 174 |
6.3 Cybersecurity in the Healthcare Sector | 174 |
1. General Overview of Laws and Regulators | 186 |
1.1 Cybersecurity Regulation Strategy | 186 |
1.2 Cybersecurity Laws | 187 |
1.3 Cybersecurity Regulators | 188 |
2. Critical Infrastructure Cybersecurity | 190 |
2.1 Scope of Critical Infrastructure Cybersecurity Regulation | 190 |
2.2 Critical Infrastructure Cybersecurity Requirements | 190 |
2.3 Incident Response and Notification Obligations | 190 |
2.4 State Responsibilities and Obligations | 191 |
3. Financial Sector Operational Resilience Regulation | 191 |
3.1 Scope of Financial Sector Operational Resilience Regulation | 191 |
3.2 ICT Service Provider Contractual Requirements | 192 |
3.3 Key Operational Resilience Obligations | 192 |
3.4 Operational Resilience Enforcement | 193 |
3.5 International Data Transfers | 193 |
3.6 Threat-Led Penetration Testing | 193 |
4. Cyber-Resilience | 193 |
4.1 Cyber-Resilience Legislation | 193 |
4.2 Key Obligations Under Legislation | 194 |
5. Security Certification for ICT Products, Services and Processes | 194 |
5.1 Key Cybersecurity Certification Legislation | 194 |
6. Cybersecurity in Other Regulations | 194 |
6.1 Cybersecurity and Data Protection | 194 |
6.2 Cybersecurity and AI | 196 |
6.3 Cybersecurity in the Healthcare Sector | 197 |
1. General Overview of Laws and Regulators | 200 |
1.1 Cybersecurity Regulation Strategy | 200 |
1.2 Cybersecurity Laws | 200 |
1.3 Cybersecurity Regulators | 201 |
2. Critical Infrastructure Cybersecurity | 202 |
2.1 Scope of Critical Infrastructure Cybersecurity Regulation | 202 |
2.2 Critical Infrastructure Cybersecurity Requirements | 202 |
2.3 Incident Response and Notification Obligations | 203 |
2.4 State Responsibilities and Obligations | 204 |
3. Financial Sector Operational Resilience Regulation | 204 |
3.1 Scope of Financial Sector Operational Resilience Regulation | 204 |
3.2 ICT Service Provider Contractual Requirements | 206 |
3.3 Key Operational Resilience Obligations | 206 |
3.4 Operational Resilience Enforcement | 208 |
3.5 International Data Transfers | 208 |
3.6 Threat-Led Penetration Testing | 210 |
4. Cyber-Resilience | 210 |
4.1 Cyber-Resilience Legislation | 210 |
4.2 Key Obligations Under Legislation | 211 |
5. Security Certification for ICT Products, Services and Processes | 212 |
5.1 Key Cybersecurity Certification Legislation | 212 |
6. Cybersecurity in Other Regulations | 212 |
6.1 Cybersecurity and Data Protection | 212 |
6.2 Cybersecurity and AI | 213 |
6.3 Cybersecurity in the Healthcare Sector | 214 |
1. General Overview of Laws and Regulators | 226 |
1.1 Cybersecurity Regulation Strategy | 226 |
1.2 Cybersecurity Laws | 227 |
1.3 Cybersecurity Regulators | 229 |
2. Critical Infrastructure Cybersecurity | 231 |
2.1 Scope of Critical Infrastructure Cybersecurity Regulation | 231 |
2.2 Critical Infrastructure Cybersecurity Requirements | 231 |
2.3 Incident Response and Notification Obligations | 233 |
2.4 State Responsibilities and Obligations | 233 |
3. Financial Sector Operational Resilience Regulation | 233 |
3.1 Scope of Financial Sector Operational Resilience Regulation | 233 |
3.2 ICT Service Provider Contractual Requirements | 234 |
3.3 Key Operational Resilience Obligations | 235 |
3.4 Operational Resilience Enforcement | 235 |
3.5 International Data Transfers | 237 |
3.6 Threat-Led Penetration Testing | 238 |
4. Cyber-Resilience | 240 |
4.1 Cyber-Resilience Legislation | 240 |
4.2 Key Obligations Under Legislation | 240 |
5. Security Certification for ICT Products, Services and Processes | 240 |
5.1 Key Cybersecurity Certification Legislation | 240 |
6. Cybersecurity in Other Regulations | 241 |
6.1 Cybersecurity and Data Protection | 241 |
6.2 Cybersecurity and AI | 242 |
6.3 Cybersecurity in the Healthcare Sector | 243 |
1. General Overview of Laws and Regulators | 255 |
1.1 Cybersecurity Regulation Strategy | 255 |
1.2 Cybersecurity Laws | 255 |
1.3 Cybersecurity Regulators | 257 |
2. Critical Infrastructure Cybersecurity | 258 |
2.1 Scope of Critical Infrastructure Cybersecurity Regulation | 258 |
2.2 Critical Infrastructure Cybersecurity Requirements | 259 |
2.3 Incident Response and Notification Obligations | 259 |
2.4 State Responsibilities and Obligations | 260 |
3. Financial Sector Operational Resilience Regulation | 260 |
3.1 Scope of Financial Sector Operational Resilience Regulation | 260 |
3.2 ICT Service Provider Contractual Requirements | 260 |
3.3 Key Operational Resilience Obligations | 261 |
3.4 Operational Resilience Enforcement | 262 |
3.5 International Data Transfers | 262 |
3.6 Threat-Led Penetration Testing | 262 |
4. Cyber-Resilience | 263 |
4.1 Cyber-Resilience Legislation | 263 |
4.2 Key Obligations Under Legislation | 263 |
5. Security Certification for ICT Products, Services and Processes | 264 |
5.1 Key Cybersecurity Certification Legislation | 264 |
6. Cybersecurity in Other Regulations | 264 |
6.1 Cybersecurity and Data Protection | 264 |
6.2 Cybersecurity and AI | 265 |
6.3 Cybersecurity in the Healthcare Sector | 266 |
1. General Overview of Laws and Regulators | 276 |
1.1 Cybersecurity Regulation Strategy | 276 |
1.2 Cybersecurity Laws | 276 |
1.3 Cybersecurity Regulators | 278 |
2. Critical Infrastructure Cybersecurity | 280 |
2.1 Scope of Critical Infrastructure Cybersecurity Regulation | 280 |
2.2 Critical Infrastructure Cybersecurity Requirements | 280 |
2.3 Incident Response and Notification Obligations | 280 |
2.4 State Responsibilities and Obligations | 280 |
3. Financial Sector Operational Resilience Regulation | 280 |
3.1 Scope of Financial Sector Operational Resilience Regulation | 280 |
3.2 ICT Service Provider Contractual Requirements | 281 |
3.3 Key Operational Resilience Obligations | 281 |
3.4 Operational Resilience Enforcement | 282 |
3.5 International Data Transfers | 282 |
3.6 Threat-Led Penetration Testing | 283 |
4. Cyber-Resilience | 284 |
4.1 Cyber-Resilience Legislation | 284 |
4.2 Key Obligations Under Legislation | 284 |
5. Security Certification for ICT Products, Services and Processes | 284 |
5.1 Key Cybersecurity Certification Legislation | 284 |
6. Cybersecurity in Other Regulations | 284 |
6.1 Cybersecurity and Data Protection | 284 |
6.2 Cybersecurity and AI | 285 |
6.3 Cybersecurity in the Healthcare Sector | 286 |
1. General Overview of Laws and Regulators | 296 |
1.1 Cybersecurity Regulation Strategy | 296 |
1.2 Cybersecurity Laws | 297 |
1.3 Cybersecurity Regulators | 301 |
2. Critical Infrastructure Cybersecurity | 303 |
2.1 Scope of Critical Infrastructure Cybersecurity Regulation | 303 |
2.2 Critical Infrastructure Cybersecurity Requirements | 305 |
2.3 Incident Response and Notification Obligations | 307 |
2.4 State Responsibilities and Obligations | 308 |
3. Financial Sector Operational Resilience Regulation | 308 |
3.1 Scope of Financial Sector Operational Resilience Regulation | 308 |
3.2 ICT Service Provider Contractual Requirements | 309 |
3.3 Key Operational Resilience Obligations | 310 |
3.4 Operational Resilience Enforcement | 310 |
3.5 International Data Transfers | 311 |
3.6 Threat-Led Penetration Testing | 313 |
4. Cyber-Resilience | 313 |
4.1 Cyber-Resilience Legislation | 313 |
4.2 Key Obligations Under Legislation | 314 |
5. Security Certification for ICT Products, Services and Processes | 314 |
5.1 Key Cybersecurity Certification Legislation | 314 |
6. Cybersecurity in Other Regulations | 315 |
6.1 Cybersecurity and Data Protection | 315 |
6.2 Cybersecurity and AI | 316 |
6.3 Cybersecurity in the Healthcare Sector | 317 |
1. General Overview of Laws and Regulators | 322 |
1.1 Cybersecurity Regulation Strategy | 322 |
1.2 Cybersecurity Laws | 322 |
1.3 Cybersecurity Regulators | 324 |
2. Critical Infrastructure Cybersecurity | 325 |
2.1 Scope of Critical Infrastructure Cybersecurity Regulation | 325 |
2.2 Critical Infrastructure Cybersecurity Requirements | 326 |
2.3 Incident Response and Notification Obligations | 326 |
2.4 State Responsibilities and Obligations | 327 |
3. Financial Sector Operational Resilience Regulation | 327 |
3.1 Scope of Financial Sector Operational Resilience Regulation | 327 |
3.2 ICT Service Provider Contractual Requirements | 328 |
3.3 Key Operational Resilience Obligations | 328 |
3.4 Operational Resilience Enforcement | 329 |
3.5 International Data Transfers | 329 |
3.6 Threat-Led Penetration Testing | 330 |
4. Cyber-Resilience | 330 |
4.1 Cyber-Resilience Legislation | 330 |
4.2 Key Obligations Under Legislation | 330 |
5. Security Certification for ICT Products, Services and Processes | 333 |
5.1 Key Cybersecurity Certification Legislation | 333 |
6. Cybersecurity in Other Regulations | 333 |
6.1 Cybersecurity and Data Protection | 333 |
6.2 Cybersecurity and AI | 335 |
6.3 Cybersecurity in the Healthcare Sector | 335 |
1. General Overview of Laws and Regulators | 347 |
1.1 Cybersecurity Regulation Strategy | 347 |
1.2 Cybersecurity Laws | 347 |
1.3 Cybersecurity Regulators | 348 |
2. Critical Infrastructure Cybersecurity | 348 |
2.1 Scope of Critical Infrastructure Cybersecurity Regulation | 348 |
2.2 Critical Infrastructure Cybersecurity Requirements | 349 |
2.3 Incident Response and Notification Obligations | 350 |
2.4 State Responsibilities and Obligations | 351 |
3. Financial Sector Operational Resilience Regulation | 352 |
3.1 Scope of Financial Sector Operational Resilience Regulation | 352 |
3.2 ICT Service Provider Contractual Requirements | 353 |
3.3 Key Operational Resilience Obligations | 354 |
3.4 Operational Resilience Enforcement | 355 |
3.5 International Data Transfers | 355 |
3.6 Threat-Led Penetration Testing | 355 |
4. Cyber-Resilience | 356 |
4.1 Cyber-Resilience Legislation | 356 |
4.2 Key Obligations Under Legislation | 356 |
5. Security Certification for ICT Products, Services and Processes | 356 |
5.1 Key Cybersecurity Certification Legislation | 356 |
6. Cybersecurity in Other Regulations | 356 |
6.1 Cybersecurity and Data Protection | 356 |
6.2 Cybersecurity and AI | 357 |
6.3 Cybersecurity in the Healthcare Sector | 358 |